samba - Oct 2025 - PAM, winbind, kerberos and CIFS...

Mandi! Rowland Penny via samba
  In chel di` si favelave...
>> if i modify as:
>>       auth    [success=1 default=ignore]      pam_winbind.so
>> cached_login try_first_pass 
> I would change it back, you have turned off kerberos.
This is the point. I know. If i turn off Kerberos, authentication works...

> The question is, if the '#' was there, who put it there ?
Rowland, the rowh with '#' was the original row, i've commented out
and
substituted wit the non-kerberos line above. Doing copy&paste here i've
forgot
to remove the leading '#'...

--

On Mon, 20 Oct 2025 16:55:05 +0200
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
> Mandi! Rowland Penny via samba
>   In chel di` si favelave...
> 
> >> if i modify as:
> >>       auth    [success=1 default=ignore]      pam_winbind.so
> >> cached_login try_first_pass 
> > I would change it back, you have turned off kerberos.
> 
> This is the point. I know. If i turn off Kerberos, authentication
> works...
Exactly, that is the point, kerberos should work.
> 
> 
> > The question is, if the '#' was there, who put it there ?
> 
> Rowland, the rowh with '#' was the original row, i've commented
out
> and substituted wit the non-kerberos line above. Doing copy&paste
> here i've forgot to remove the leading '#'...
> 
That answers that question, the question now is, why did you have to do
that ?

I notice this is on an Ubuntu client, could sssd be installed and has
it taken control of the machines kerberos ticket and winbind is trying
to use the wrong ticket and failing ?

Rowland